From 1f1d64bab61a273712a199591a3f76210d8c0959 Mon Sep 17 00:00:00 2001
From: Damien Arrachequesne
Date: Sat, 10 Mar 2018 08:56:42 +0100
Subject: [PATCH] [fix] Include the protocol in the origins check (#3198)
Previously, the protocol was not taken in account, which caused the following behaviour:
```js
io.origins('https://foo.example.com:443'); // ok as a string
io.origins(['https://foo.example.com:443'); // not ok as an array
```
Fixes #3190
---
 docs/API.md | 4 ++--
 lib/index.js | 4 +++-
 test/socket.io.js | 11 +++++++++++
 3 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/docs/API.md b/docs/API.md
index a78cc5ed35..0465c4556e 100644
--- a/docs/API.md
+++ b/docs/API.md
@@ -225,13 +225,13 @@ io.adapter(redis({ host: 'localhost', port: 6379 }));
 #### server.origins([value])
- - `value` _(String)_
+ - `value` _(String|String[])_
 - **Returns** `Server|String`
 Sets the allowed origins `value`. Defaults to any origins being allowed. If no arguments are supplied this method returns the current value.
 ```js
-io.origins(['foo.example.com:443']);
+io.origins(['https://foo.example.com:443']);
 ```
 #### server.origins(fn)
diff --git a/lib/index.js b/lib/index.js
index 21cfefc9aa..016353966f 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -80,9 +80,11 @@ Server.prototype.checkRequest = function(req, fn) {
 ? parts.port
 : defaultPort;
 var ok =
+ ~this._origins.indexOf(parts.protocol + '//' + parts.hostname + ':' + parts.port) ||
 ~this._origins.indexOf(parts.hostname + ':' + parts.port) ||
 ~this._origins.indexOf(parts.hostname + ':*') ||
 ~this._origins.indexOf('*:' + parts.port);
+ debug('origin %s is %svalid', origin, !!ok ? '' : 'not ');
 return fn(null, !!ok);
 } catch (ex) {
 }
@@ -241,7 +243,7 @@ Server.prototype.adapter = function(v){
 /**
 * Sets the allowed origins for requests.
 *
- * @param {String} v origins
+ * @param {String|String[]} v origins
 * @return {Server|Adapter} self when setting or value when getting
 * @api public
 */
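Review bot: The protocol-qualified comparison added in checkRequest (`~this._origins.indexOf(parts.protocol + '//' + ...)`) is an exact match only when `_origins` is an array; when it is a string, `indexOf` is a substring search, so any origin whose `hostname:port` is merely contained in the configured value still passes the scheme-less checks below it. The setter is outside this hunk, so this is inferred from the `String|String[]` signature and the string-versus-array behaviour described in the commit message. Consider normalising once before the checks, e.g. `var allowed = Array.isArray(this._origins) ? this._origins : [this._origins];`, and comparing against `allowed`; if a string value may hold several origins it would first need splitting on whatever delimiter is supported. A comment should also state that the three scheme-less patterns remain, so an entry written without a scheme still accepts both http and https origins. checkRequest starts and ends outside the hunk.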
diff --git a/test/socket.io.js b/test/socket.io.js
index e0ff36f22d..c5f96dc63e 100644
--- a/test/socket.io.js
+++ b/test/socket.io.js
@@ -354,6 +354,17 @@ describe('socket.io', function(){
 done();
 });
 });
+
+ it('should allow request when using an array of origins', function(done) {
+ io({ origins: [ 'http://foo.example:54024' ] }).listen('54024');
+ request.get('http://localhost:54024/socket.io/default/')
+ .set('origin', 'http://foo.example:54024')
+ .query({ transport: 'polling' })
+ .end(function (err, res) {
+ expect(res.status).to.be(200);
+ done();
+ });
+ });
 });
 describe('close', function(){
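Review bot: The new test covers only the accepted case, so nothing here would fail if the array form matched too loosely; the origin check is a security control and needs a rejecting case as well, for example an `https://` entry paired with an `http://` Origin header. The callback also ignores `err`, so a connection failure would surface as a TypeError on `res.status` rather than as a clear assertion failure. A companion test along the lines below would pin the behaviour; its port is a constructed value, and the enclosing `describe` starts outside the hunk.

```javascript
it('should disallow request when the protocol does not match an array entry', function(done) {
  // constructed port: pick one not used elsewhere in this file
  io({ origins: [ 'https://foo.example:54025' ] }).listen('54025');
  request.get('http://localhost:54025/socket.io/default/')
    .set('origin', 'http://foo.example:54025')
    .query({ transport: 'polling' })
    .end(function (err, res) {
      expect(res.status).to.not.be(200);
      done();
    });
});
```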